Plaintext Passwords

You might be surprised to learn how many companies actually store your password in their database in a plain-text format.

What does that mean for you? Well, a single break-in to the database, by one method or another, means that your password is now known to the attacker.

The simplest and surprisingly effective method of protecting your customers' details is to store only a hash of their password. Hashing turns data of any length (your password) into a fixed-length output (a hash), and the process is very difficult to reverse. When a user logs in, the password they supply is hashed again; if it matches the hash stored in the database, the login is allowed.
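As an added example, not code from the original post, here is the store-only-a-hash pattern described above in Python, using the standard library's PBKDF2-HMAC-SHA256. It goes slightly beyond the paragraph by salting each password and using a deliberately slow hash, which is how a practitioner would actually do this: an attacker who dumps the table gets only salt and digest, never the password. The iteration count and record format are assumptions for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Assumed parameters for this example: a per-user random salt and a slow
# key-derivation function so stolen hashes are expensive to brute-force.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record '<algo>$<iterations>$<salt hex>$<digest hex>'.

    A fresh random salt is generated unless one is supplied, so two users
    with the same password still get different stored records.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare digests."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record, never treat as a match
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed in-memory "users table": the plaintext password is never stored.
USERS: Dict[str, str] = {}


def register(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Hash anyway so a missing user takes as long as a wrong password.
        hash_password(password)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print("stored record:", USERS["alice"])
    print("right password:", login("alice", "correct horse battery staple"))
    print("wrong password:", login("alice", "Tr0ub4dor&3"))
```

If the database is breached, the `USERS` values are all the attacker obtains; they must still guess each password and pay the full PBKDF2 cost per guess, per user, because every salt is different.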

Plain Text Offenders provides a list of companies who are storing your passwords in a plain text format. There are some really interesting and depressing entries in that list; see: 1and1.co.uk, telltalegames.com (and I really like them), guardian.co.uk and plenty more.

What to look out for?

There are plenty of other websites that store your information in a plain-text format, so what do you need to look out for?

First and foremost: your original password is sent back to you in an email when you request a reminder. A site that can do this has not hashed your password; it has stored it in a form it can read back.